Is this a giant Texas cockroach or what social media is turning privacy into?

It’s rare to talk about social media legal issues without talking a lot about privacy. Heck, the last post I did was mostly about Barbra Streisand but even then I had to take a few swipes at privacy. Social media and privacy end up at odds frequently because privacy is about keeping secrets while social media is about sharing content. While they aren’t archenemies they certainly take swings at each other.

Many writers will contemplate the death of privacy or ensure us of the continued existence of privacy–the truth is somewhere in between. Time changes all things, some more dramatically than others. Privacy is one of those dramatic changes and it is currently in a state of metamorphosis–but what will emerge at the end, a Kafka cockroach or a beautiful butterfly? Or will we even care?

Here’s the latest story that caught my attention (pointed out by one of my friends who insists he isn’t on social media despite being on LinkedIn): Starwood may be looking at public social media information for guests at its hotel. You can read the details in the blog post itself, but here’s how the author wrapped up the post:

I take my privacy seriously. All the hotel companies, Starwood included, already have enough information about me based on my stay history to personalize the stay. I do not want Starwood or any other hotel company for that matter to start doing searches on my social networks about my personal preferences outside of my hotel stays.

We can all understand the sentiment. The vast majority of people think they take their privacy seriously–but to them “taking it seriously” means it is something they care about. It doesn’t mean that they do much to enforce their rights or obligations. Doing so would require taking additional steps, like understanding what information is out there or how people will handle it, and is a completely different level of activity. A level that the author, and I believe most people, isn’t willing to participate in. I think that’s the case because the author then wrote this:

Personally, I wouldn’t mind if the hotels are doing this after I have given them an explicit permission to do so. Hiding it in the yearly Privacy Policy change is not enough.

Hiding it in the Privacy Policy? Hiding? Where else would you expect to find statements on how your information is going to be viewed, recorded, or used?

Let’s translate what the author is really saying here. “Privacy matters to me but I don’t have time to read the Privacy Policy.” That’s fine and it’s understandable. But if you take privacy seriously then you need to read the documents. I read them, but I know I’m in the minority (and even I find them tedious many times).

Privacy is going through a dramatic change because there are so many ways to share information and so many ways to access the information. Let me try and illustrate the point.

I usually hate analogies, but I’ll give this one a shot: Privacy is like a museum. And more than the Museum of Me that Intel did (which was clever). Every bit of information you share with the world is a painting. Every room in a museum is a social platform. You can choose where to hang your painting just like you can choose where to share your information. At least, you can make the choice initially.

But after that, you are likely to lose control. Every platform, like every room, will have its own rules. In museums we typically see guards posted in some rooms (highly restrictive platforms). Some rooms don’t have any guards (platforms with no restrictions). Some rooms are supposed to have guards but the guards go wandering or fall asleep (like when security breaks down and the founder’s private photographs are suddenly made public).

And if those guards are awake and alert, they have to enforce different rules in each room. Some rooms you can’t do anything but look. Other rooms will let you draw sketches of what you see (like making anonymous copies of data), other rooms will let you photograph the artwork (make complete copies to use as you will). And every once in a while someone will wander in and complain how long the line is for the cafe (Twitter).

Speaking of people wandering through, you have a lot of those in the social media museum. Sometimes those people are following all the rules and viewing the artwork exactly as intended (art students, museum employees, my wife). Sometimes the patrons will follow all the rules until the moment the guard’s back is turned and then they’ll snap a bunch of photos and run out (certain malicious platform apps). Maybe there’s a patron who’s wandering through, looking at the artwork like everyone else, but there’s just something creepy about it–like the above blogger’s reaction to Starwood as if it’s a weird guy wearing a trenchcoat and sunglasses and staring at the paintings while people walk by. And then you have some absolute insane people who run in and start licking the painting (hijacking info or accounts). Yes, that last one actually happens in museums–you can ask my wife who worked one summer at the Guggenheim in Venice.

If the analogy still holds, now it completely falls apart. Because unlike museums that have only one original piece to display, your information can be copied. So your name and photo can be in one room, subject to one set of rules/guards/viewers while in another room another set of rules/guards/viewers may see that same information. It’s a complicated mess.

Add to this entire crazy scene the notion that someone could come into the museum, look at just the information you posted, following all the rules, and you’ll still feel icky about it. That’s the Starwood example here. Starwood has said they’ll look at your public information at which point the blogger and some others feel that, sure, the information was public, but they didn’t know it would be used that particular way. And suddenly all the rules go out the window because everything you thought mattered–what you posted, how it would be used, who would see it–no longer matters because of how it makes you feel.

How someone uses our data is the final stage in transforming our view of privacy, but the level of sophistication there is beyond amazing. There’s a great article on how Target knew some of their customers were pregnant (and inadvertently outed one of their teenage customers to her dad) that illustrates the point. With all this data floating around, it will be used in ways you cannot imagine. But once you imagine it, then what? Are you going to stop using social platforms? Try and claw back all your precious data? Take your virtual paintings and go home?

For now, your best bet is to carefully consider what you put onto social media. You can try and restrict where that content will go and you might even succeed, but odds are the data will be seen by people you didn’t anticipate and used in ways you didn’t desire. Your private information goes in and something else will emerge–will it be a cockroach or a butterfly?

I’m fairly certain they did. As the original blog post pointed out, the privacy policy had already been changed and, like most large companies, they probably informed everyone of the change in policy. Whether people read the changes or the changed policy is another question (and I think we can guess the answer).

We get emails about changed privacy policies all the time. Heck, in just the last few days I got one from Living Social and Twitter and those weren’t even major changes like Pinterest or Google over the last few months.

The policy has a revised date of December 22, 2011 and an effective date of January 22, 2012 ( http://www.starwoodhotels.com/corporate/privacy_policy.html ). You usually leave a gap between a revised and effective date to communicate the new policy, so I’m guessing that Starwood did so here. I don’t know if the FlyerTalk users automatically deleted the message or didn’t receive it, but it sounds from the blog post more along the lines of them not being happy that this specific change was not called out to them. Even though many companies are doing a better job at highlighting some important changes in policies over time, that wouldn’t be required of Starwood.

Also, since Starwood is more than just a website, they may have physically mailed out the policy or discussed the changes in a physical letter–too many possible ways to disclose the change to say it didn’t happen. The blog post I read complained more about the change being hidden in the policy, which is akin to saying a knife was hidden in the silverware drawer.

IMPORTANT DISCLAIMER

SoMeLaw Thoughts are entirely my own opinion about social media legal issues and not the statement, opinion, or in any other way affiliated with Dell.

This means I could be completely wrong about everything I post here. Sure, I’ve practiced for over ten years in technology law and have supported Dell’s social media team for a fair amount of time, but if you get five lawyers in a room and ask a question you’re likely to get seven different opinions. Oh, and it’s a really boring room. And someone will probably start quoting Latin. So I could be totally wrong here.

This is also not specific legal advice for you. I don't know you. Even if I know you I didn't write this for you, I wrote it for the blog and you're reading it. You want legal advice? Hire an attorney! A good one.